Skip to content

Enabling Reauthenticated Approvals

You can configure access requests to require approvers to reauthenticate when they approve sensitive or regulated access items. The system requires approvers to provide a comment that describes the business justification for the access, then directs them to the SSO reauthentication. The decision is recorded as an authenticated approval to fulfill your security requirements.

Note

The reviewer can choose to deny or reassign the request without having to reauthenticate.

Prerequisites

For reauthenticated approvals to be available in your organization:

  1. Enable SSO on your tenant.

  2. Enable reauthenticated approvals in your tenant using the Update Access Request Configuration API with the reauthorizationEnabled attribute.

Configuring Reauthenticated Approvals for an Access Item

  1. Go to Admin > Access Model > [Roles / Access Profiles / Entitlement] and edit any access item.

  2. Select the Reauthentication tab.

  3. Select Require Approval Reauthentication.

  4. Select Save.

Note

The audit record for the approval captures the reauthentication, including the approver, date/time of approval, comment, and reauthentication token. Use Search or one of its pre-built audit reports to review the approval audit.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.